why this no-secure message comes on my site's homepage in Internet Explorer
Following is message:"The web page contains content that can not be delivered using secure HTTPS connection"
message box comes with yes/no option.
I have one asp.net application... what i need my website will run only on IE 7 and above..version...If request comes from below IE 7 then i dont need to open my website...i need to show some mesage use IE 7 and above..Let me know how to achieve this using Javascript...
View 7 RepliesMy web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.).
My plan for authentication is for there to be a look-up table in the database. If the username is already there, automatically login the user, but if there is no entry in the database, redirect the user to an initial login page which will be used to create that database entry.
My question is how to secure this against MITM and other security holes. How can the request generated through the thick client be on an SSL connection? Doesn't an SSL connection have to be authenticated with the username (and password) first? And if so, will the additional context information be publicly exposed until the user is logged in?
I have a browser compatibilty problem with https? I have SSL installed and is in usage. Until today morning, my https part is working well. From then, Https is shown as https(with slashed in red color) saying the page has some insecure content. I have not changed any code and suddenly i see this problem in chrome. In IE 8, i see the same problem but on every page, it shows me a popup if i should allow to opne secure and non secure or just secure. Firefox has no issues . It shows correct https without any problem. I am fed up with it searching all over. Why is this happenening for me in Chrome and IE 8.
View 3 Replieshow to read content from other webiste in asp.net ?
View 5 RepliesI have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
I was just trying to install Umraco CMS on my ASP.NET website. I am using the Web Platform installer from Ubraco http://umraco/downloadI pointed the CMS install to the local website folder where it was intended to be installed and specified to use an existing database for the same. It is asking for the some username and password for the Database access. Is there some default value of the these particulars for these because I never configured the username and password for my DB? (It is a MS SQL Database)
Screenshot:[URL]
I want to know how I can make website available in my private home network? I know I am supposed to make my IP address static but I still do not know the complete steps to accomplish what I want to do. Is this even possible? If it is can someone please explain to me what I have to do?
View 3 RepliesI don't like asp.net profile provider store all profile info in one or two row in the database, but I want to use membership/profile API for authentication purpose.Customize membership/role/profile provider requires big big upfront efforts, which may cause more mess later.So how do people deal with that normally?
View 2 RepliesI have a GUI when i log in i create a cookie and it encrypt it. I am usin SSL.
I check in the Login.aspx page if the cookie is secure, which it is. but then before going to the default page it goes to the Global.ascx page.
Here in the Application_AuthenticateRequest it gets the cookie and decrypts it for the default page..
Now i know that it is getting the same cookie as all the other attributes match the one that was created in the Login.aspx page excet that the secure value is "False".
this is the case for all other pages after default. the value of the cookie.secure is false.
why is this happening as i want all the pages to be secure by SSL.
Also the pages are opening as https not http.
here is my web.config
[code]....
After logging to the mvc site using a secure connection (https), calling actions using https connection show up with the user logged in but calling actions using http it bahaves as if user didn't log on. Since I need to use a virtual directory for https connections(and can't use that directory for http connection) Https links start with: [URL]
View 1 RepliesI'm working on a legacy web application - frames and a mixture of html, asp and aspx. The entire site is https. For some strange reason when I hit a specific page I get the magic message that says the Page contains both secure and nonsecure items. (IE obviously doesn't want to tell me what those resources are) I have checked the page that's being loaded and there are absolutely no http://... links - everything is relative links.
I have fired up fiddler and checked what's being requested - everything looks fine. I am completely at wit's end here. I have absolutely no idea why I'm getting this message, but it's completely screwing with the site.
I am developing a web application in which the clients wants to send a pdf copy of aa Authenticated Page to users and as well as to the administrator..
As I google about this problem but didnt find any solution.
Because in all cases I have to pass the url of the secure page to the function...and in runtime when function make a webrequest to the page it will always generate the PDFof the login page.
So is there any way to generate the PDF of a secure page in C# ASP.Net
I have forgotte password page in my application,page have one textbox to insert email address,when user click on submit button if inserted email address (i.e. abc@gmail.com) does not exits in DB it will give custome error message like "Email ID not available".after that suppose user will enter inproper email address (aaa#gmail.com) than client side validation for regular expression will file "Email id not valid",at same both message be on screen,now i want only one message at a time.so please can you help me for same
View 2 Repliesi am using create user wizard and capturing other information within content template when a new userregisters. Some of the textboxes are binded to required field validators.there is a validation control on the page and ShowMessage box is True.If they dont complete some of the text boxes then the message box pops Up with the error message.It does not however include information errors like "User already exists" or Email address already existsfrom the create user wizard membership UserName and Password Textboxesis it possilbe to hook all of these up so I get one message box with all errors including membership ones?
View 3 RepliesBy default in login template, in case user key in the wrong user name or password, the literal message will show the default error message, "Your login attempt unsuccessful..."What i trying to do is, I have a function in my system to disapprove a member, after the member is disapproved, he/she will not allow to login anymore. When the user trying to login, the default literal msg will show out. Is there any way i can do it more specifically like if the user enter the wrong password only, the literal msg show: "Wrong password entered" insteaed of the default msg?
Same goes to the change password control, for any error msg it just show the long msg but does not tell user whats wrong with the entered valueim trying to do something like if the user enter the wrong password, the literal msg show the one i wan to show.
no Massagebox not working in the web
at catch I want appear windows and retuen to....
try
{
}
catch (Exception ex) {Console.WriteLine("Error reading from", ex); }
I would like to write a loop that sends an smtp message to a list of emails that I'm getting from a database.
I wrote a loop where I used message.to.add(recipient) first to add all the emails to the recipients collection.
However when the e-mail was received each recipient sees the entire list of recipients. How do I send to only
one recipient at a time, or prevent each recipient from seeing who all the other recipients are?
I have tried in many way but the error message for custom validator is not shown in validation summary but it(ValidationSummary) shows error message for every other type of validator.
[code]....
I am trying to send the message(complex type) to the message queue.I am getting the error,ETravel.Web, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' is not marked as serializable.below lies the code for that.
public void QueueMessage(EmailMessage message)
{
Message msg = new Message();
msg.Body = message; [code]...
I am having a wcf service that is throwing this error...here is my code:
this is the javascript calling
this._Proxy = function (serviceURL, serviceParam, dataType, type, data) {
this._URL = serviceURL + encodeURIComponent(serviceParam);
this._DataType = dataType == null || dataType == 'undefined' || dataType == '' ? defaultDataType : dataType;
this._Type = type == null || type == 'undefined' || type == '' ? defaultType : type;
this._Data = data;
this.Invoke = function () {
debugger;
$.ajax({
url: this._URL,
dataType: this._DataType,
type: this._Type,
data: data,
success: function () {
//Do nothing on success
return;
},
}
How to display a 1056 character message in message box in asp.NET C#.
Response.Write("<script>alert(' " + a + " ')</script>");
The above code just accepts 54 characters only.I need some other way to display the error messages for a whole page.
I want to post my login form to a secure url.
I figured the best way to do this would be bust open the HTML helpers for BeginForm with reflector and create my own extension method called BeginSecureForm. The problem I ran into was that it uses internal method UrlHelper.GenerateUrl and and the private method HtmlHelper.FormHelper.
Apart from hard coding URLs into a form what is the best way to generate forms that post to a secure url and then have that action redirect to a non secure action after login?
I've developing an ASP.NET application that interfaces with Google Maps and retrieves marker information from a database. The marker information is split into tables in the database, where the name of the table reflects a company (e.g. CompanyA_MarkerData, CompanyB_MarkerData etc). In order to periodically update the map with new marker data, I use setTimeout in JavaScript to regularly call my 'UpdateMarkers' JavaScript function. 'UpdateMarkers' makes a call to a web service which performs the database query and returns a list of markers back to the JavaScript, which in turn updates the map.
The main issue I have with this method is that my web service requires that I pass it the name of the company so that it knows which table in the database to access. As you can imagine , this poses a security risk as anyone can pass a different company name to the web service and be able to retrieve the data from other companies, as well as their own.
In order to avoid this problem, I am restructuring my program as follows: When the system administrator creates users for my application, they can also assign a company ID to this user. The company ID is stored using the Profile object in ASP.NET. I am moving the web service code into a class with shared functions so that they can be called only within my pages (but not by anyone, like with web services). The functions will still require a company name passed to be passed to them. However, rather than the JavaScript making direct calls to these shared functions, the JavaScript will call a set of page methods (which as I understand it, are not public like web services). These page methods will then use the Profile object to retrieve the company name attached to the user currently logged in and then make a call to my shared database functions and return the info back to the JavaScript.
I think that this second method is more secure than the first, because I don't allow the client to pass different options to my code and retrieve unauthorized data. The server side code works out the parameters that need to be sent. However, I am wondering if there is a better way of doing this that I am missing out?
I was wondering how you could encrypt/decrypt your querystring in a simple asp.net page? some values need to be passed between different pages but the querystring cannot be changed or read.
Some say httphandles could be the solution for this.
MORE BACKGROUND INFO:
this is the problem, sometimes the sessions disappear without any reason (well there must be one but I don't know it yet). I've looked into the possible reasons but nothing that could cause it is happening.
Therefore I cannot rely on it anymore. The cookie solution is a possibility but it will be more work to implement than simply using the querystring. The url can be copied at any time just not changed!